3rd, a controller or processor not recognized from the EU is going to be subject matter for the GDPR if it procedures the non-public information of knowledge topics in the EU Which processing is connected to the “checking” in the EU from the “habits” of data subjects as their habits https://cybersecuritycertificatesaudiarabia.blogspot.com/